Increase Security in Your AWS Environment

  • Federated access for AWS console
  • Privileged access for EC2 instances
  • Enterprise access for hosted apps

Six Best Practices for Increasing Security in AWS



Conventional security and compliance concepts still apply in the hybrid cloud. Leverage and extend on-premises access polices to deploy infrastructure and apps quickly and securely in AWS.



Minimize attack points by leveraging Active Directory, LDAP and cloud directories such as Google’s versus creating local accounts and managing EC2 key pairs for authentication.



Leverage existing user accounts or federate access to services and resources in AWS. Create fine-grained permissions to resources, and apply them to users through groups or roles.



Grant users just the access they need in the AWS console, on EC2 instances and to apps. Implement cross platform privilege management for AWS console, Windows and Linux.



Log and monitor both authorized and unauthorized activity in EC2 instances. Associate all activity to an individual, and report on both privileged activity and access.



Thwart in-progress attacks in AWS. Consistently implement MFA for AWS service management, on login and privilege elevation for EC2 instances, and when accessing enterprise apps.

AWS Shared Responsibility Model

AWS and the AWS customer share responsibility for security.

AWS provides robust security for infrastructure and services as their part of the AWS shared responsibility model.

Securing operating systems, platforms and data remain the responsibility of the AWS customer, and Centrify can help.

AWS Shared Responsibility Model
AWS Cloud Security Software, AWS Enterprise Cloud Security Solutions

Federated Access for AWS Console

Vault the password for the AWS root account, and enforce MFA for break-glass access.

Extend your existing privileged access security solution by federating access to the AWS service, obviating the need for long-lived access keys.

Leverage any directory service to control AWS role assignment, and grant the right amount of privilege.

Privileged Access Security for EC2 Instances

Extend enterprise authentication to EC2 instances by brokering identities from your choice of directory services — Active Directory, LDAP or Google.

Minimize attack surface by securing shared accounts and remote access, granting just enough privilege, and auditing all activity across Windows and Linux.

Enforce MFA at session initiation, server login, and privilege elevation to stop in-progress attacks.

Privileged Access Security for AWS
Enterprise access to hosted apps

Enterprise Access for Hosted Apps

Extend enterprise identities to hosted applications with federated authentication for employees, business partners and customers.

Enforce MFA and Smart Card authentication to satisfy stringent security requirements, and prove compliance.

Minimize attack surface by securing remote access to applications running on EC2 instances without a VPN.

Flexible Deployment Options

Simplify privileged access security in hybrid IT environments with flexible solution deployment options.

Leverage the industry’s first Privileged Identity Management as a service (PIM-as-a-Service) offering, or install and manage a dedicated instance in your private cloud or on-premises.

Deployment tools and scripts make it easy to deploy the Centrify solution, enroll servers in the Cloud Service, vault root accounts, and automate setup of user access to servers.

Flexible deployment options for AWS Cloud Security
Secure enterprise active directory to Amazon Web Services (AWS)

Leverage Enterprise Identities

Securely extend your enterprise Active Directory to AWS, without replicating identities or identity infrastructure.

Federate enterprise users to your AWS environment, granting temporary access to AWS console and API interfaces.

Broker identities from your choice of directory services — Active Directory, LDAP and cloud directories such as Centrify’s and Google’s.

White Paper

Six Best Practices for Increasing Security in Amazon Web Services

Businesses are responsible for the confidentiality, integrity, and availability of their data in the cloud, according to AWS’ shared responsibility model. This paper provides best practices for taking on your share of the security responsibility when moving to an AWS infrastructure.

Download White Paper